The present invention relates to systems and methods for authorizing the execution of desired actions through validation of schedule data that provides a timetable during which the execution of one or more of such actions are authorized. In a specific example, the invention may be put in practical use in access control systems designed to control user access to a door, for example. The access control system determines on the basis of schedule data stored on a user card if the access to the premises may be granted to this particular user for that particular time of day.
The basic architecture for well-known security systems uses a Central Access Control System Computer (CACSC) remotely managing one or more Standard Access Controller (SAC) that control a certain number of service areas. Each SAC, acting as a bridge between the CACSC and a number of local control devices, directly manages most of the functions of the local control device. Each local control device can be viewed as a collection of devices that provide the required services to a controlled access point (such as a door). Examples of those devices are a lock device, a lock status sensor, a door contact sensor, a request-to-exit device, a card reader device, a warning device, a manual pull-station, an intercom, and a video camera, among others.
Typically, the SAC is installed at a central location in the premises and the individual local control devices are connected to the SAC with wires. Each of the devices of a given local control device requires individual wiring over an appreciable length between the SAC and the local control device. In a typical example, a total of 22 wires and one coax cable may be required between each local control device and the SAC.
In use, when a user desires to access the premises, he or she inserts a portable memory device (i.e., an identification card) in the card reader of the local control device. The card reader extracts from the card the user identification number. This identification number is usually a 26 to a 32-bit data unit. This number is then transmitted to the remote SAC that contains a database of all the authorized user identification numbers. The SAC compares the received identification number with the valid numbers held in the database. In the event a match is found, the SAC invokes a scheduler that determines if the user can access the premises at that particular time. The scheduler is also a database mapping the valid identification numbers with schedule information. If the scheduler reports that the user is allowed to access the premises at that given time, the SAC issues a control signal to the electric lock of the local control device to unlock the door.
This implementation requires the SAC to store all the identification numbers, user information, schedules, door access information, etc. in its processor""s memory.
A first drawback with present systems is related to the memory capacity of the SAC. Actual systems, for say 5000 users, are limited to 100-150 schedules. This means that the typical memory allocation does not even provide one unique schedule per user. Furthermore, with the advent of new services such as photo identification even more memory capacity will be required. One solution might be to increase the SAC""s memory, however, this is expensive.
A second drawback is associated with the number of wires and their length between the SAC and the local control device. This requires the routing of a wire bundle from each Local control device to the SAC that is installed in a utility cabinet at a distance up to 500 feet away. This becomes a problem when troubleshooting of the system is necessary. When troubleshooting is performed, it may be necessary to inspect and/or test each of the individual wires. Furthermore, every time a new service is installed at a controlled access point (local control device), routing of additional wires from the CAP to the SAC is necessary. Troubleshooting and new service installation can therefore be quite time consuming.
Thus, there exists a need in the industry to provide an improved automated access control system that alleviates the drawbacks associated with prior art systems.
An object of this invention is to provide an improved system and method for authorizing the execution of desired actions through validation of schedule data.
Yet another object of the present invention is to provide an improved portable memory device, such as a hand held electronic card, that is capable of storing schedule data that can be processed at a local control device to determine if a desired action can be effected at least in part on the basis of the scheduled data.
As embodied and broadly described herein, the invention provides a portable memory device to enable execution of a desired action by a control device, said portable memory device including a machine readable storage medium holding a data structure including schedule data providing at least one time interval during which the execution of the desired action may potentially be authorized by the control device, said data structure being readable by the control device to acquire said schedule data and determine if the execution of the desired action is to be authorized on a basis at least in part of said schedule data.
For the purpose of this specification, the expression xe2x80x9cschedule dataxe2x80x9d is intended to encompass any collection of data that constitutes or provides the functionality of a timetable. In a specific example, the schedule data may provide one or more time intervals during which a user may be authorized to access the premises of a building, or generally enable the execution of the certain function, such as unlocking the door.
In a most preferred embodiment of the present invention, the portable memory device is in the form of an access card including a machine-readable storage medium in which is stored the data structure providing the necessary data elements to complete a user validation transaction at a door of a premises. More specifically, three specific data elements are stored on the machine-readable storage medium, namely a user identification number, schedule data and schedule validation data. The user identification number is employed to validate the user against a known list of identification codes that are established as valid codes. In other words, if the identification code read from the card does not match any one of the codes in the list, access is denied. The schedule data element is used to determine the time frame of each day or of selected days during which access to the premises can be granted to the user. Finally, the schedule validation data is provided to authenticate the schedule data on the memory device through an interaction involving the control device.
In this example, the control device is capable of a much broader decision making process, since most of the information that is necessary to the control device to determine if access to the user is to be granted is locally available. Part of this information is held in the memory of the control device and part is acquired from the portable memory device. This feature limits the data exchange with the SAC during a transaction with a user. Accordingly, the number of wires that interconnect the control device with the SAC can be significantly reduced since the limited data exchange can be implemented by using a serial data transmission protocol.
In a specific example of the operation of the system, a user presents his access card to the card reader at the local control device. The card reader scans the card and extracts the information from the card and stores it to a temporary memory location in the local control device. The local control device will process the information (user identification number, schedule data and schedule validation data for this user) to determine if the action sought by the user can be authorized.
The decision making process is based on an analysis of the three data elements stored on the user card. First, the control device will search the list of valid user identification codes stored in his memory and if a match is found it will then proceed to the next step that is to process the schedule data to determine if at that particular time access may be granted. The decision is based on an analysis of the schedule validation data also acquired from the card.
In a very specific example, the schedule data includes a global set of schedule data elements, each schedule data element providing a certain time frame during which access to the premises may be potentially authorized for the specific user. However, there is no indication on the card as to which of the schedule data elements are valid. The purpose of the validation schedule data is to indicate, by interfacing with additional data residing on the local control device, which ones of the global schedule data elements are valid for this user. The validation schedule data element can be a simple pointer that constitutes an index for a table residing in the local control device, the table entry for that index identifying one or more schedule data elements amongst the global set of schedule data elements in the global set that are valid for this particular user.
In summary, to gain access to the premises the user access card designed in accordance with the preferred embodiment of the invention must provide three separate types of information, namely a user identification number, a global set of schedule data elements and a pointer to a table in the memory of the local control device. There are a number of advantages that result from this arrangement. First, the decision making process regarding user validation is effected locally, without any substantive data exchange with the SAC. This translates into a much faster response time. Secondly, the number of wires necessary to support the data exchanges between the local control device and the SAC is significantly reduced because much less bandwidth is now necessary in the data exchanges local control device/SAC. Those data exchanges are now mostly limited to downloading toward the local control device the information necessary for the local control device to make the necessary decisions during the transactions with the user. For example, the SAC will upload toward the local control device the lists of authorized user identification numbers, the tables identifying the valid schedule data elements for each user, etc.
The validation schedule data is not necessarily a separate data element and can be combined with another data element on the portable memory device. For instance, in a specific example, the user identification number can be used as the pointer to the table in the memory of the control device in order to determine which ones of the schedule data elements in the global set of schedule data elements are valid. This feature is beneficial because it combines into a single data element a dual functionality, thus economizing memory space on the portable memory device. Thus, for the purposes of the present specification, the expression xe2x80x9cvalidation schedule dataxe2x80x9d does not necessarily imply the existence of a separate data element in the portable memory device. A xe2x80x9cvalidation schedule dataxe2x80x9d is deemed to exist when a data element is present in the portable memory device that provides the functionality of the validation schedule data, even when that data element is used for other purposes as well.
As embodied and broadly described herein, the invention provides a portable memory device for enabling the execution of a desired action by a control device, said portable memory device including a machine readable storage medium holding a data structure including:
a) a global set of schedule data elements, each data element of said set being indicative of a time interval during which the execution of the desired action may potentially be authorized by the control device;
b) schedule validation data; and
c) said data structure being readable by the control device to acquire said schedule data and said schedule validation data, said schedule validation data being indicative through reference to a data arrangement external to said portable memory device of at least one of said schedule data elements that is representative of a time interval during which the control device authorizes execution of the desired action.
As embodied and broadly described herein, the invention further provides a control device for controlling the execution of a certain function, said control device including:
a) an input for receiving:
i) a global set of schedule data elements, each schedule data element of said set being indicative of a time interval during which the execution of the desired action may potentially be authorized by the control device; and
ii) schedule validation data; and
b) processing means responsive to said schedule validation data to identify in said set of schedule data elements a sub-set of schedule data elements that includes at least one schedule data element that is representative of a time interval during which the control device authorizes execution of the desired action.